Message ID | 20240202023547.11141-1-quic_bqiang@quicinc.com (mailing list archive) |
---|---|
State | Accepted |
Commit | b802e7b7e771dee3377d071418281f8b64d2d832 |
Delegated to: | Kalle Valo |
Headers | show |
Series | wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use | expand |
On 2/1/2024 6:35 PM, Baochen Qiang wrote: > Currently in ath11k_peer_assoc_h_he() rx_mcs_80 and rx_mcs_160 > are used to calculate max_nss, see > if (support_160) > max_nss = min(rx_mcs_80, rx_mcs_160); > else > max_nss = rx_mcs_80; > > Kernel test robot complains on uninitialized symbols: > drivers/net/wireless/ath/ath11k/mac.c:2321 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_80'. > drivers/net/wireless/ath/ath11k/mac.c:2321 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_160'. > drivers/net/wireless/ath/ath11k/mac.c:2323 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_80'. > > This is because there are some code paths that never set them, so > the assignment of max_nss can come from uninitialized variables. > This could result in some unknown issues since a wrong peer_nss > might be passed to firmware. > > Change to initialize them to an invalid value at the beginning. This > makes sense because even max_nss gets an invalid value, due to either > or both of them being invalid, we can get an valid peer_nss with > following guard: > arg->peer_nss = min(sta->deflink.rx_nss, max_nss) > > Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 > > Fixes: 3db26ecf7114 ("ath11k: calculate the correct NSS of peer for HE capabilities") > Reported-by: kernel test robot <lkp@intel.com> > Closes: https://lore.kernel.org/oe-kbuild-all/202401311243.NyXwWZxP-lkp@intel.com/ > Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Baochen Qiang <quic_bqiang@quicinc.com> wrote: > Currently in ath11k_peer_assoc_h_he() rx_mcs_80 and rx_mcs_160 > are used to calculate max_nss, see > if (support_160) > max_nss = min(rx_mcs_80, rx_mcs_160); > else > max_nss = rx_mcs_80; > > Kernel test robot complains on uninitialized symbols: > drivers/net/wireless/ath/ath11k/mac.c:2321 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_80'. > drivers/net/wireless/ath/ath11k/mac.c:2321 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_160'. > drivers/net/wireless/ath/ath11k/mac.c:2323 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_80'. > > This is because there are some code paths that never set them, so > the assignment of max_nss can come from uninitialized variables. > This could result in some unknown issues since a wrong peer_nss > might be passed to firmware. > > Change to initialize them to an invalid value at the beginning. This > makes sense because even max_nss gets an invalid value, due to either > or both of them being invalid, we can get an valid peer_nss with > following guard: > arg->peer_nss = min(sta->deflink.rx_nss, max_nss) > > Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 > > Fixes: 3db26ecf7114 ("ath11k: calculate the correct NSS of peer for HE capabilities") > Reported-by: kernel test robot <lkp@intel.com> > Closes: https://lore.kernel.org/oe-kbuild-all/202401311243.NyXwWZxP-lkp@intel.com/ > Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> > Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> > Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Patch applied to ath-next branch of ath.git, thanks. b802e7b7e771 wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c index bbf4d1f4d310..299f4f3d7659 100644 --- a/drivers/net/wireless/ath/ath11k/mac.c +++ b/drivers/net/wireless/ath/ath11k/mac.c @@ -2294,6 +2294,8 @@ static void ath11k_peer_assoc_h_he(struct ath11k *ar, mcs_160_map = le16_to_cpu(he_cap->he_mcs_nss_supp.rx_mcs_160); mcs_80_map = le16_to_cpu(he_cap->he_mcs_nss_supp.rx_mcs_80); + /* Initialize rx_mcs_160 to 9 which is an invalid value */ + rx_mcs_160 = 9; if (support_160) { for (i = 7; i >= 0; i--) { u8 mcs_160 = (mcs_160_map >> (2 * i)) & 3; @@ -2305,6 +2307,8 @@ static void ath11k_peer_assoc_h_he(struct ath11k *ar, } } + /* Initialize rx_mcs_80 to 9 which is an invalid value */ + rx_mcs_80 = 9; for (i = 7; i >= 0; i--) { u8 mcs_80 = (mcs_80_map >> (2 * i)) & 3;
Currently in ath11k_peer_assoc_h_he() rx_mcs_80 and rx_mcs_160 are used to calculate max_nss, see if (support_160) max_nss = min(rx_mcs_80, rx_mcs_160); else max_nss = rx_mcs_80; Kernel test robot complains on uninitialized symbols: drivers/net/wireless/ath/ath11k/mac.c:2321 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_80'. drivers/net/wireless/ath/ath11k/mac.c:2321 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_160'. drivers/net/wireless/ath/ath11k/mac.c:2323 ath11k_peer_assoc_h_he() error: uninitialized symbol 'rx_mcs_80'. This is because there are some code paths that never set them, so the assignment of max_nss can come from uninitialized variables. This could result in some unknown issues since a wrong peer_nss might be passed to firmware. Change to initialize them to an invalid value at the beginning. This makes sense because even max_nss gets an invalid value, due to either or both of them being invalid, we can get an valid peer_nss with following guard: arg->peer_nss = min(sta->deflink.rx_nss, max_nss) Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 Fixes: 3db26ecf7114 ("ath11k: calculate the correct NSS of peer for HE capabilities") Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202401311243.NyXwWZxP-lkp@intel.com/ Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> --- drivers/net/wireless/ath/ath11k/mac.c | 4 ++++ 1 file changed, 4 insertions(+) base-commit: d4d13947306ab3c98c84389d9397563b550b71b8